Hello,
I have the need to retrieve assets through GET calls, only if I'm logged in (reserved assets).
I've tried using the CUG, setting a user as a viewer. Then, when I've published the folder and also the asset, I try with Postman to access the resource with basic authentication (of course the user that is in the CUG settings of the folder) and I get a resource not found 404 error.
What is the correct process to retrieve those assets with a GET call?
Thank you,
Guglielmo
Update:
The error shows only through the dispatcher: if I call the asset from the 2 publish instances with the correct basic authentication, the CUG configuration works as expected. Does anybody know if there is a specific CUG configuration for the dispatchers?
Hi,
Please check https://experienceleague.adobe.com/docs/experience-manager-dispatcher/using/configuring/permissions-... to implement dispatcher changes in order to protect assets properly and with caching.
I'm not sure I've fully understood this guide, because I've implemented the servlet but if I try to call it with this URL: http://localhost:4502/bin/permissioncheck?uri=/content/dam/folder/reserved/image.jpg
the response is :
Cannot serve request to /bin/permissioncheck in AuthcheckerServlet
Even if I call the servlet from author or publish directly, it doesn't seem to work.
I've not used the org.apache.felix.scr.annotations, since they are deprecated, but instead I wrote this:
@Component(service = Servlet.class, immediate = true,
        property = {
                SLING_SERVLET_PATHS + "=/bin/permissioncheck",
        })
public class AuthcheckerServlet extends SlingSafeMethodsServlet {
Could this be the error?
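For reference, a permission-check servlet of the kind the linked guide describes, written with OSGi Declarative Services annotations instead of the deprecated Felix SCR ones. This is an added example, not code from the original posts or from Adobe; the method body, the fail-closed handling of a missing `uri`, and the assumption that `uri` is a repository path (true for DAM assets) belong to this example.

```java
import java.security.AccessControlException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.servlet.Servlet;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingSafeMethodsServlet;
import org.osgi.service.component.annotations.Component;

// Added example: answers the Dispatcher's HEAD /bin/permissioncheck?uri=<path>.
@Component(service = Servlet.class,
        property = { "sling.servlet.paths=/bin/permissioncheck" })
public class AuthcheckerServlet extends SlingSafeMethodsServlet {

    // Only HEAD is implemented; the Dispatcher's auth check is a HEAD request.
    @Override
    protected void doHead(SlingHttpServletRequest request,
                          SlingHttpServletResponse response) {
        String uri = request.getParameter("uri");
        // The session belongs to the requesting user, so CUG/ACL rules apply.
        Session session = request.getResourceResolver().adaptTo(Session.class);

        // Fail closed: no absolute path or no session means no access.
        if (uri == null || !uri.startsWith("/") || session == null) {
            response.setStatus(SlingHttpServletResponse.SC_FORBIDDEN);
            return;
        }
        try {
            // Assumption: uri is a JCR path. Throws if read access is denied.
            session.checkPermission(uri, Session.ACTION_READ);
            response.setStatus(SlingHttpServletResponse.SC_OK);
        } catch (AccessControlException | RepositoryException e) {
            response.setStatus(SlingHttpServletResponse.SC_FORBIDDEN);
        }
    }
}
```

Because only `doHead` is implemented, exercise it with a HEAD request sent as the user whose access is being checked; the answer is the status code alone, 200 or 403.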
Hi,
1. You have to create a servlet, which you already did.
2. Update the /auth_checker section in the dispatcher file
OK, I verified that this configuration is working for .html pages but not for assets, which is what I need.
I've also tried with the filter
/filter
{
    /0000
    {
        /glob "*"
        /type "allow"
    }
}
and it's still not working for assets.
/filter
{
    /0000
    {
        /glob "*"
        /type "deny"
    }
    /0001
    {
        /glob "/content/secure/*.html"
        /type "allow"
    }
    /0010 { /glob "/content/dam/secure/*.pdf" /type "allow" }
    /0012 { /glob "/content/dam/secure/*.doc" /type "allow" }
}
I've already used this kind of filter and it seems to be working, but only for non-secured folders, which is not so useful in my opinion.
These are the cases for the Postman calls:
Hi,
For assets, if you applied a CUG, it will only be applied to the immediate child asset.
Could you try to add a CUG to the asset and check whether you are getting a HEAD request or not?
Ideally it should work.
We are also using this feature to protect pages as well as assets.
I've tried setting the CUG for the single assets but it's not possible. It's also stated in this guide: https://experienceleague.adobe.com/docs/experience-manager-learn/assets/advanced/closed-user-groups....
It seems that if the user has no permissions over the CUG-protected folder, he/she can't call the authentication servlet either, which becomes useless. The strange behaviour is that it happens only with the dispatcher.
I've managed to resolve the issue:
Thank you @arunpatidar for all the support!
I am glad that finally it works for you.